nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Avoid showing the password in phpinfo()'s output

Browse Source
This commit is contained in:
Marc Delisle
2011-11-21 12:41:13 -05:00
parent e7877fba46
commit e2b6af5a99
3 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -18,6 +18,7 @@ phpMyAdmin - ChangeLog
view name in main panel db Structure page
- bug #3439292 [core] Fail to synchronize column with name of keyword
- bug #3425156 [interface] Add column after drop
- [interface] Avoid showing the password in phpinfo()'s output
3.4.7.1 (2011-11-10)
- [security] Fixed possible local file inclusion in XML import

4
libraries/auth/cookie.auth.lib.php
View File

@@ -549,6 +549,10 @@ function PMA_auth_set_user()
$cfg['Server']['user'] = $GLOBALS['PHP_AUTH_USER'];
$cfg['Server']['password'] = $GLOBALS['PHP_AUTH_PW'];
// Avoid showing the password in phpinfo()'s output
unset($GLOBALS['PHP_AUTH_PW']);
unset($_SERVER['PHP_AUTH_PW']);
$_SESSION['last_access_time'] = time();
// Name and password cookies need to be refreshed each time

4
libraries/auth/http.auth.lib.php
View File

@@ -207,6 +207,10 @@ function PMA_auth_set_user()
$cfg['Server']['user'] = $PHP_AUTH_USER;
$cfg['Server']['password'] = $PHP_AUTH_PW;
// Avoid showing the password in phpinfo()'s output
unset($GLOBALS['PHP_AUTH_PW']);
unset($_SERVER['PHP_AUTH_PW']);
return true;
} // end of the 'PMA_auth_set_user()' function